Log Analytics is currently in preview and the prices below reflect a 50% preview discount. The service is offered in three tiers: Free, Standard and Premium. The free tier has a limit on the amount of data ingested daily. The Standard and Premium tiers do not have a limit on the amount of data ingested daily.
See pricing details for more information.
Your data volume is directly proportional to the number of agents and intelligence packs you have added to your Log Analytics Account. You can view your data usage at any time using the Usage tile in the Log Analytics Preview portal.
Yes. You can configure individual computers to send data to Log Analytics using only an agent, without the need of an Operations Manager management server. Learn how to connect Windows computers to Log Analytics.
No. You can use Log Analytics using only the Log Analytics Agent on the servers or VMs you’d like to onboard.
If you are using Log Analytics through a System Center Operations Manager environment you will need to install the latest update rollup – System Center 2012 R2, which you can download here. You can check your version of Operations Manager by navigating to the ‘Console Administration’ page.
The Log Analytics service does not impact the operational database or data warehouse. Log Analytics doesn’t use any on-premises data store—data is sent directly to the Log Analytics service in the cloud from the Operations Manager management server.
To read more about how Log Analytics protects your data, see Log Analytics data security.
The Log Analytics Preview does not use a public API. However, the Log Analytics team is considering this option based on detailed feedback requirements from customers. You can contact the Log Analytics team using the Feedback button at the bottom of the Log Analytics Portal.
|Intelligence Pack Name||Data Types|
|Configuration Assessment||Configuration Data|
|Capacity Planning||Performance Data|
|Security Assurance||Windows Security Events, Firewall logs|
|System Update Assessment||System Update Data|
|Log Management||Windows Event Logs and/or IIS Logs|
|Change Tracking||Software Inventory and Windows Service metadata|
|SQL Assessment||Configuration Data|
Intelligence Packs are a collection of logic, visualization and data acquisition rules that address key customer challenges today. They allow deeper insights to help investigate and resolve operational issues faster, collect and correlate various types of machine data and helps you be proactive with activities such as Capacity Planning, Patch status reporting and security auditing.
|Intelligence Pack Name||Prerequisites|
|Capacity Planning||The Operations Manager-VMM connector needs to be configured. You can view details at How to Connect VMM with Operations Manager.|
|Antimalware||Windows Defender or the System Center Endpoint Protection real-time client is required. If Log Analytics cannot find either, it uses data from the Malicious Software Removal Tool and marks the server as not having real-time protection.|
|System Update Assessment||None|
An organizational account, previously known as Microsoft Online Services ID, is an account created by an organization’s administrator to enable access to Microsoft organizational services or Microsoft cloud service subscriptions, such as Office 365 or Intune. These organizational accounts are managed by an organization’s administrator through Azure Active Directory and are usually in the form of firstname.lastname@example.org. For more about the Microsoft Organization ID account, see the Microsoft Account for Organizations FAQ.
The Azure Log Analytics workspace is the level at which data is collected. Each Log Analytics workspace is unique and can have multiple Microsoft and Organizational accounts associated with it, and each user account can have multiple Log Analytics workspaces. To learn more about the Log Analytics Workspace, see Create a Log Analytics Workspace and Prepare Your Environment.
The data is stored in the Microsoft Azure North America datacenter.
If you are using only the Log Analytics agent you can stop it from communicating to the service by going to the Control Panel and under Microsoft Monitoring Agent uncheck “Connect to Azure Log Analytics”
If you are using Log Analytics through Operations Manager, you can specify which agents are on agents where data is collected from and sent to Log Analytics. This is controlled within your Operations Manager console.
Data collected using intelligence packs is collected by Operations Manager agents or Direct Agents, and is sent as frequently as it is generated. For example, shortly after an event is written or when performance counter data is collected.
Configuration Assessment data is sent by default every few hours, but this frequency can be increased or delayed by following the instructions on this help document: http://onlinehelp.microsoft.com/en-us/advisor/hh442889.aspx
You can close your Preview account from the Account page in the Log Analytics Preview portal at any time. For more information about closing an Log Analytics account, see Close Your Account.
System Center Advisor is now part of Azure Log Analytics.